starting to modularize vault logic

enclave-runtime/src/initialization/mod.rs

@@ -307,78 +307,6 @@ pub(crate) fn init_shard(shard: ShardIdentifier) -> EnclaveResult<()> {
 	Ok(())
 }
 
-pub(crate) fn init_proxied_shard_vault(shard: ShardIdentifier) -> EnclaveResult<()> {
-	let state_handler = GLOBAL_STATE_HANDLER_COMPONENT.get()?;
-	if !state_handler.shard_exists(&shard).unwrap() {
-		return Err(Error::Other("shard not initialized".into()))
-	};
-
-	let ocall_api = GLOBAL_OCALL_API_COMPONENT.get()?;
-	let enclave_signer = GLOBAL_SIGNING_KEY_REPOSITORY_COMPONENT.get()?.retrieve_key()?;
-	let enclave_extrinsics_factory = get_extrinsic_factory_from_integritee_solo_or_parachain()?;
-	let node_metadata_repo = get_node_metadata_repository_from_integritee_solo_or_parachain()?;
-	let vault = enclave_signer
-		.derive(vec![DeriveJunction::hard(shard.encode())].into_iter(), None)
-		.map_err(|e| Error::Other("failed to derive shard vault keypair".into()))?
-		.0;
-
-	info!("shard vault account derived pubkey: 0x{}", hex::encode(vault.public().0.clone()));
-
-	let (state_lock, mut state) = state_handler.load_for_mutation(&shard)?;
-	state.state.insert(SHARD_VAULT_KEY.into(), vault.public().0.to_vec());
-	state_handler.write_after_mutation(state, state_lock, &shard)?;
-	// todo!
-	// parentchain-query: if shard vault not yet existing or self not proxy:
-
-	// xt: send funds from enclave account to new vault account (panic if not enough funds)
-
-	info!("send existential funds from enclave account to vault account");
-	let call_ids = node_metadata_repo
-		.get_from_metadata(|m| m.call_indexes("Balances", "transfer_keep_alive"))?
-		.map_err(MetadataProviderError::MetadataError)?;
-
-	let call = OpaqueCall::from_tuple(&(
-		call_ids,
-		Address::from(AccountId::from(vault.public().0)),
-		Compact(Balance::from(PROXY_DEPOSIT)),
-	));
-
-	info!("vault funding call: 0x{}", hex::encode(call.0.clone()));
-	let xts = enclave_extrinsics_factory.create_extrinsics(&[call], None)?;
-
-	//this extrinsic must be included in a block before we can move on. otherwise the next will fail
-	ocall_api.send_to_parentchain(xts, &ParentchainId::Integritee, true);
-
-	// we are assuming nonce=0 here.
-	let nonce_cache = Arc::new(NonceCache::default());
-	let vault_extrinsics_factory = enclave_extrinsics_factory
-		.with_signer(StaticExtrinsicSigner::<_, PairSignature>::new(vault), nonce_cache);
-
-	info!("register enclave signer as proxy for shard vault");
-	let call_ids = node_metadata_repo
-		.get_from_metadata(|m| m.call_indexes("Proxy", "add_proxy"))?
-		.map_err(MetadataProviderError::MetadataError)?;
-
-	let call = OpaqueCall::from_tuple(&(
-		call_ids,
-		Address::from(AccountId::from(enclave_signer.public().0)),
-		ProxyType::Any,
-		0u32, // delay
-	));
-
-	info!("add proxy call: 0x{}", hex::encode(call.0.clone()));
-	let xts = vault_extrinsics_factory.create_extrinsics(&[call], None)?;
-
-	ocall_api.send_to_parentchain(xts, &ParentchainId::Integritee, false);
-
-	// xt: delegate proxy authority to its own enclave accountid proxy.add_proxy() (panic if fails)
-	// caveat: must send from vault account. how to sign extrinsics with other keypair?
-	// sth like: extrinsics_factory.with_signer(keypair).create_extrinsics(
-	// write vault accountid to STF State (SgxExternalitiesType) with key ShardVaultAccountId to make it available also beyond service restart for non-primary SCV later
-	// return and log vault accountId
-	Ok(())
-}
-
 /// Initialize the TOP pool author component.
 pub fn create_top_pool_author(
 	connection_registry: Arc<EnclaveRpcConnectionRegistry>,

enclave-runtime/src/lib.rs

@@ -41,6 +41,7 @@ use crate::{
 		GLOBAL_TARGET_B_SOLOCHAIN_HANDLER_COMPONENT,
 	},
 	rpc::worker_api_direct::sidechain_io_handler,
+	shard_vault::init_proxied_shard_vault,
 	utils::{
 		get_node_metadata_repository_from_integritee_solo_or_parachain,
 		get_node_metadata_repository_from_target_a_solo_or_parachain,
@@ -76,12 +77,12 @@ use std::{
 	string::{String, ToString},
 	vec::Vec,
 };
-
 mod attestation;
 mod empty_impls;
 mod initialization;
 mod ipfs;
 mod ocall;
+mod shard_vault;
 mod utils;
 
 pub mod error;
@@ -220,36 +221,6 @@ pub unsafe extern "C" fn get_ecc_signing_pubkey(pubkey: *mut u8, pubkey_size: u3
 	sgx_status_t::SGX_SUCCESS
 }
 
-#[no_mangle]
-pub unsafe extern "C" fn get_ecc_vault_pubkey(
-	shard: *const u8,
-	shard_size: u32,
-	pubkey: *mut u8,
-	pubkey_size: u32,
-) -> sgx_status_t {
-	let shard = ShardIdentifier::from_slice(slice::from_raw_parts(shard, shard_size as usize));
-	let state_handler = match GLOBAL_STATE_HANDLER_COMPONENT.get() {
-		Ok(s) => s,
-		Err(e) => {
-			error!("{:?}", e);
-			return sgx_status_t::SGX_ERROR_UNEXPECTED
-		},
-	};
-
-	/*let vault_pubkey: Vec<u8> = state_handler
-			.execute_on_current(&shard, |state, _| state.state.get::<Vec<u8>>(&SHARD_VAULT_KEY.into()))
-			.unwrap()
-			.unwrap()
-			.to_vec();
-
-		let pubkey_slice = slice::from_raw_parts_mut(pubkey, pubkey_size as usize);
-		//debug!("Restored ECC pubkey: {:?}", signer_public);
-
-		pubkey_slice.clone_from_slice(&vault_pubkey);
-	*/
-	sgx_status_t::SGX_ERROR_UNEXPECTED
-}
-
 #[no_mangle]
 pub unsafe extern "C" fn set_nonce(
 	nonce: *const u32,
@@ -460,22 +431,6 @@ pub unsafe extern "C" fn init_shard(shard: *const u8, shard_size: u32) -> sgx_st
 	sgx_status_t::SGX_SUCCESS
 }
 
-#[no_mangle]
-pub unsafe extern "C" fn init_proxied_shard_vault(
-	shard: *const u8,
-	shard_size: u32,
-) -> sgx_status_t {
-	let shard_identifier =
-		ShardIdentifier::from_slice(slice::from_raw_parts(shard, shard_size as usize));
-
-	if let Err(e) = initialization::init_proxied_shard_vault(shard_identifier) {
-		error!("Failed to initialize proxied shard vault ({:?}): {:?}", shard_identifier, e);
-		return sgx_status_t::SGX_ERROR_UNEXPECTED
-	}
-
-	sgx_status_t::SGX_SUCCESS
-}
-
 #[no_mangle]
 pub unsafe extern "C" fn sync_parentchain(
 	blocks_to_sync: *const u8,